The Super User Management module in SAST offers a feature that allows users to work without permission SAP_ALL or other critical authorizations in the production system.
User FireFighter is a temporary user, which provides extended permissions,
and at the same time allows you to control it in the system.
Additional accounts are created by the SAP Authorization Administratorand assigns users who can use special permissions.
If emergency or emergency support is required and additional authorizations are needed, the Support users assigned to it have accounts at their disposal FireFighter (FF).
Authorization administrators can create new FF accounts for the activities of various business units in SAP. However, such accounts cannot be used for daily work on the system.
In the SAST tool, we can define appropriate accounts for FireFighter users and assign persons responsible for controlling the use of indicated FF users to them. In our case, they are called auditors. These people after the commencement and completion of work by FireFighter users receive notifications to their email inbox.
After selecting the FF user from the list of available accounts and describing the planned actions in a new window, you can start working as a FireFighter user.
After completion of support work, SAST records all activities performed by the Firefighter user and provides the responsible person (auditor) with an appropriate report.
Each report should be regularly verified and approved by the auditor.
In case of discrepancies in actions, the necessary explanations should be obtained from the person who used the FireFighter user.
The introduced procedure additionally protects against the use of critical users of FireFighter without prior approval of the auditor. A specially generated key is required to log in.
SAST also has an automatic function (Passive Monitoring) that records activity for super users in SAP. This group includes: „SAP*”, „EarlyWatch” i „DDIC”.
--------------------------------------------------------------------------------------------------
WORTH READING:
author: Marek /SAST Polska Team/